hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,340 Commits 1,741 Branches 165 Tags
69ed88bccd4e1e52f4e6ffdf6c7f48940ec4c4fc
Commit Graph

1330 Commits

Author SHA1 Message Date
yoff
61a3e9630f java: rewrite conflict detection 
- favour unary predicates over binary ones
(the natural "conflicting access" is binary)
- switch to a dual solution to trade recursion through forall for simple existentials.

Co-authored-by: Anders Schack-Mulligen <aschackmull@github.com>
 2025-10-17 01:43:04 +02:00
Joe Farebrother
d8b37d0cde Review suggestions - update comments and description 2025-10-14 16:03:40 +01:00
Joe Farebrother
9cb593b020 Update tests 2025-10-13 14:51:37 +01:00
Joe Farebrother
c799f93811 Update tests and add inline expectations 2025-10-13 14:51:04 +01:00
yoff
830f02af1f java: fixes from the CI bots 2025-10-09 09:37:31 +02:00
yoff
096d5f2a56 java: implement SCC contraction of the call graph 
Our monitor analysis would be fooled by cycles in the call graph,
since it required all edges on a path to a conflicting access to be either
 - targetting a method where the access is monitored (recursively) or
 - monitored locally, that is the call is monitored in the calling method
For access to be monitored (first case) all outgoing edges (towards an access) need
to satisfy this property. For a loop, that is too strong, only edges out of the loop
actually need to be protected. This led to FPs.
 2025-10-09 09:14:16 +02:00
yoff
5b30153113 java: add Escaping query (P1) 2025-10-09 09:14:16 +02:00
yoff
328b53576a java: add SafePublication query (P2) 2025-10-09 09:14:16 +02:00
yoff
fe487e8bf0 java: add ThreadSafe query (P3) 
Co-authored-by: Raúl Pardo <raul.pardo@protonmail.com>
Co-authored-by: SimonJorgensenMancofi <simon.jorgensen@mancofi.dk>
Co-authored-by: Bjørnar Haugstad Jåtten <bjornjaat@hotmail.com>
 2025-10-09 09:14:16 +02:00
Chris Smowton
f88daff45f Java: note that classes with entirely private constructors can't be subclassed 2025-09-30 13:57:44 +01:00
Anders Schack-Mulligen
e302616135 Java: Accept qltest change. 2025-09-12 15:41:18 +02:00
Anders Schack-Mulligen
03321ff910 Java: Replace nullness implementation. 2025-09-12 15:41:16 +02:00
Anders Schack-Mulligen
452bbf7289 Java: Add some more nullness tests. 2025-09-12 13:38:21 +02:00
Napalys Klicius
b4d6cb6e5f Merge pull request #20178 from Napalys/java/visible-for-testing-abuse 
Java: Added new query `java/visible-for-testing-abuse`
 2025-08-29 08:38:04 +02:00
Napalys Klicius
1949d9f8f3 Merge branch 'main' into java/mocking-all-non-private-methods-means-unit-test-is-too-big 2025-08-28 14:22:06 +02:00
Napalys Klicius
970167bc62 Java: moved java/mocking-all-non-private-methods-means-unit-test-is-too-big to a more appropriate location, namely Violation of Best Practice/Testing 2025-08-28 14:20:19 +02:00
Napalys Klicius
a3aacfb688 Merge pull request #20190 from Napalys/java/jvm-exit-query-promotion 
Java: Enhance `java/jvm-exit` query and add to quality
 2025-08-27 13:23:02 +02:00
Jami
3675e4bb4f Merge branch 'main' into jcogs33/java/insecure-spring-actuator-config-promotion 2025-08-26 08:02:17 -04:00
Napalys Klicius
b271f1fcd0 Java: Renamed query java/mocking-all-non-private-methods-means-unit-test-is-too-big to java/excessive-public-method-mocking and changed wording from non-private to public 2025-08-26 08:37:57 +00:00
Napalys Klicius
38f517ecfa Java: Add lambda-aware test detection to VisibleForTesting query 2025-08-24 10:02:43 +00:00
Napalys Klicius
4149968f33 Java: Remove the hardcoded path filter that excluded CodeQL's own unit tests from the java/visible-for-testing-abuse query. 2025-08-24 09:58:35 +00:00
Anders Schack-Mulligen
02452704b2 Java: Fix bug in nullness 2025-08-22 10:15:22 +02:00
Anders Schack-Mulligen
9fc0793d6a Java: More nullness qltests, including highlight of FN bug. 2025-08-22 10:12:48 +02:00
Anders Schack-Mulligen
1c724372f2 Java: More nullness qltests. 2025-08-22 10:08:17 +02:00
Anders Schack-Mulligen
ba252cb5cf Java: Add a couple of difficult condition correlation tests. 2025-08-22 10:08:00 +02:00
Napalys Klicius
4705ad2e32 Java: Added extra test cases for fields 2025-08-22 09:23:49 +02:00
Napalys Klicius
ea831a8352 Java: Fix VisibleForTestingAbuse false positives in annotations 2025-08-22 09:23:49 +02:00
Napalys Klicius
225723bfeb Java: Exclude @VisibleForTesting-to-@VisibleForTesting access from VisibleForTestingAbuse alerts 2025-08-22 09:23:49 +02:00
Napalys Klicius
e4042402bc Java: Resolve spurious VisibleForTestingAbuse alerts for inner class access patterns 2025-08-22 09:23:49 +02:00
Napalys Klicius
1e2e6eccd7 Java: Test @VisibleForTesting method accessing @VisibleForTesting members 2025-08-22 09:23:49 +02:00
Napalys Klicius
9dfb4d4301 Java: Enchanced isWithinType to also include lambdas, inner classes etc. 2025-08-22 09:23:49 +02:00
Napalys Klicius
fbf18af076 Java: enchanced check if it is within same package 2025-08-22 09:23:49 +02:00
Napalys Klicius
2a16f4829e Java: Expanded test suite of java/visible-for-testing-abuse 2025-08-22 09:23:49 +02:00
Napalys Klicius
652e9cba3d Java: Added inline test expectations for java/visible-for-testing-abuse 2025-08-22 09:23:49 +02:00
Napalys Klicius
0c14d93bc6 Java: Added new query java/visible-for-testing-abuse 2025-08-22 09:23:49 +02:00
Napalys Klicius
eb6e9b8fe6 Java: Fix java/jvm-exit false positives for local nested classes in test methods 2025-08-21 14:20:49 +00:00
Napalys Klicius
41a78a0c3d Java: Added nested local class test case 2025-08-21 14:10:12 +00:00
Napalys Klicius
53ccc56959 Java: exclude single-method classes from mocking 2025-08-11 13:43:36 +02:00
Napalys Klicius
a9e9a62439 Java: add single-method class test case for mocking rule 
Classes with only one public method should be compliant when mocked.
 2025-08-11 13:43:36 +02:00
Napalys Klicius
22caa584ad Java: Add inline test expectations for MockingAllNonPrivateMethodsMeansUnitTestIsTooBig.qlref 2025-08-11 13:43:36 +02:00
Napalys Klicius
50c7160819 Java: port java/mocking-all-non-private-methods-means-unit-test-is-too-big query 2025-08-11 13:43:36 +02:00
Napalys Klicius
4df613ce37 Java: Improved java/jvm-exit query to remove FP's. 2025-08-11 09:24:01 +02:00
Napalys Klicius
d41a5e3a25 Java: Added basic test cases for java/jvm-exit 2025-08-11 09:24:01 +02:00
Anders Schack-Mulligen
d9cfe14729 Java: Accept qltest change. 2025-08-07 14:51:49 +02:00
Anders Schack-Mulligen
23aac0ac51 Java: document nullness false negative as qltest 2025-08-05 13:49:51 +02:00
Jami Cogswell
c9692a6d10 Java: fix test failures cause by alert msg change 2025-07-19 13:27:09 -04:00
Jami Cogswell
7250265c1f Java: consider all endpoints except for health and info as sensitive to align with Spring docs 2025-07-18 17:50:18 -04:00
Jami Cogswell
685f68d9d3 Java: support 'management.endpoints.web.expose' property 2025-07-18 17:50:17 -04:00
Jami Cogswell
70d51504a7 Java: rename to align with 'java/spring-boot-exposed-actuators' query 2025-07-18 17:50:12 -04:00
Jami Cogswell
ea35fbbe3b Java: support version 3.x 2025-07-18 17:50:07 -04:00